Re: bitchx sources backdoored on distribution site

[Neeko Oni <neeko () haackey com>]

> From ftp.bitchx.org (msg in /pub):

              * * * * * *  A T T E N T I O N  * * * * * *

 Over the weekend of April 12th and 13th someone once again was releasing
 back doored code for BitchX on a false ftp site that was linked from the
 official BitchX Website.  We stress to everyone to please take notice of
 information that we post on http://faq.bitchx.org to help prevent these
 problems from causing you to download falsified source code for BitchX.

--

So it's entirely possible the source you downloaded was backdoored;  It 
would have been nicer had you included the site you downloaded from.  
According to bitchx.org it looks like it was only one off-site FTP.  
As it was an 'official' FTP (the assumption we're making), whether 
they're to blame or not is left for someone else to decide.  

.Neeko Oni

(Hey Bugtraq mod, wake up.)

> --UlVJffcvxoiEqYs2
> Content-Type: text/plain; charset=iso-8859-2
> Content-Disposition: inline
> Content-Transfer-Encoding: 8bit
>
> Hi,
>
> Can anyone verify that the bitchx 1.0c19 sources are backdoored.